How did someone get $36 billion at a 250k/500k table?

It will be interesting to see what Replay does with the “ill-gotten” billions gained by some players … and the millions some players lost challenging the hacker … if their goal was to mess up the Replay “chip economy” … they succeeded

2 Likes

While this person obviously hacked chips … I don’t believe he influenced the random number generator … I sat in the game to play but then mostly just observed … they were losing a lot of hands … often just going all in on river then showing bluffs … for those catching the nutz it was an easy 100 mill plus

2 Likes

There was no manipulation of the cards. That’s impossible for a player to do. Collusion and a chip steal is the issue.

3 Likes

Maybe the fella bought his chips.

If he caught a good 50% off sale, he could have bought 43 billion chips for less than $450,000 USD. A fella like that would be good for business.

5 Likes

I don’t understand what is the point of stealing free chips, they are worthless?

2 Likes

I have no idea. Perhaps it’s an ego thing or a #1 player status thing. I just don’t get it!

2 Likes

Hi all, thanks so much for bringing this to our attention. Your reports helped us discover this fraudster and ban his account. @AlmostLive and @Craig_Anthony are correct – players do not have any way of manipulating cards, and that did not occur in this situation.

However, there was obviously some disruption to the chip balances of other players after this episode. Chips won and lost by the fraudster will require some balances to be adjusted. Those who lost will be reimbursed, but we will also be looking to remove some chips from those who benefitted. We know that no one was complicit with the fraud, but several billion chips have been won by toplist players which will need to be removed. We’ll be notifying affected players before we make any adjustments.

I’m so sorry to anyone affected by this situation – we’ll get it fixed. Thanks to you all for your patience and understanding.

12 Likes

Another job well done by Replay Staff and the vigilant community here! We look after each other as should be.

2 Likes

Can you please shed more light on what exactly happened and how it could happen?

From what I’ve seen, there were two accounts which suddenly had billions of chips and both of them were able to buy into ring games for way more chips than the usual 200 bb limit. Both a player’s bankroll and the max buy-in should be enforced from the server side, so what went wrong? Are they not enforced from the server side or did your servers get hacked?

I’m not saying that the dealing mechanism was manipulated in this instance. But dealing is also controlled from the server side and given that bankrolls and max buy-ins have been manipulated, simply saying that “players do not have any way of manipulating cards” is no longer very convincing to me.

6 Likes

Seconding BW’s post. Also want to add the fact someone was able to cheat the system tarnishes the credibility of Replay chips and makes the competition for them less meaningful. Even though it’s only play money we all fight for it with real time and effort. We take it seriously and if we are going to continue taking it seriously we need to have confidence in the “chip economy” and the technical systems that support it. I, and I assume others, need more details about how this happened and what was done about it to restore our faith.

This fraudster chose to give himself an absurd amount of chips and make no effort to hide what he was doing. What if he had chosen to be more discreet? Would Replay still have caught him? How do we know this is not still going on right now? How do we know someone is not currently using the same methods right now and diluting the chips in a more subtle manner?

OK this totally explains the Run of bad luck I had last mo… Lost with AA and KK too many times… I must have been hacked… LOL

But seriously there has been a troll that has been stalking a few players in some of the League games and because of this we have lost our spectator chat… could this be connected???

Even though you’re joking, this is no longer an entirely unreasonable thing to say.

I appreciate you following up, and understand the concerns. Your chips do have value here, as they’re reflective of your time, effort, and skill, and we’re correcting the economical impact. To clarify — our servers were not hacked, and your cards cannot be affected. This was a client manipulation that we are fixing. We do have systems in place to track this behavior even if it isn’t this egregious. Our tech team is still investigating this as our highest priority, and we’ve implemented additional layers of protection.

9 Likes

I just checked the Toplist “Biggest Pots” and the “hackers” are still listed as having the top 10 biggest pots won. Thought you might want to know.

Works for me. Thanks for giving this the prompt attention it deserved.

I, for one, don’t expect full details of the exploit or your fixes to be made public. I see no reason to do so, but am confident you will fix this. Thanks.

5 Likes

Thank you for your response. I’ve been a professional software developer for almost 20 years and have worked on countless web projects during that time. I find it very difficult to accept that this could have been solely the result of a client-side vulnerability. With full respect and appreciation for your efforts, I don’t believe you are using the term “client” correctly here. If the server-side is accepting and propagating bad information sent by a client, this should be viewed as a server-side vulnerability primarily, even if a client-side issue was how the exploit began.

I can accept there was no penetration of the servers or databases. Meaning no one has gained access beyond what the client/server API allows them to do. If there was a vulnerability in the API exploited by a bad actor I could accept this.

I don’t expect the full details to be made available. No one would ever do this. But there’s a happy middle somewhere between saying “it was client manipulation” and telling us everything.

Sorry if I come off as angry. I’m really not.

1 Like
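
Added example, not part of any post in this thread and not Replay's code: a sketch of the point raised in the two posts above about bankrolls and the 200 bb max buy-in being enforced on the server. The `ChipServer` class, the message fields and the sample balances are hypothetical and constructed for illustration; this is not a reconstruction of the incident.

```python
from dataclasses import dataclass

MAX_BUYIN_BB = 200  # the "usual 200 bb limit" mentioned in the thread


class BuyInError(Exception):
    """Raised when a buy-in request fails a server-side check."""


@dataclass
class Table:
    big_blind: int


class ChipServer:
    """Hypothetical server that owns the authoritative chip balances."""

    def __init__(self, balances):
        self.balances = dict(balances)

    def buy_in_trusting(self, player, table, req):
        # Flawed shape: both the amount and the balance come from the
        # client message, so the server propagates whatever it is told.
        stack = req["amount"]
        self.balances[player] = req["claimed_balance"] - stack
        return stack

    def buy_in_enforced(self, player, table, req):
        # Only the requested amount is read from the client, and it is
        # validated; the balance comes from the server's own record.
        amount = req.get("amount")
        if type(amount) is not int or amount <= 0:
            raise BuyInError("amount must be a positive integer")
        cap = MAX_BUYIN_BB * table.big_blind
        if amount > cap:
            raise BuyInError(f"amount exceeds table cap of {cap}")
        balance = self.balances.get(player, 0)
        if amount > balance:
            raise BuyInError("amount exceeds server-side bankroll")
        self.balances[player] = balance - amount
        return amount


if __name__ == "__main__":
    table = Table(big_blind=500_000)  # a 250k/500k table: cap is 100M
    server = ChipServer({"player_a": 1_000_000})  # constructed balance
    forged = {"amount": 36_000_000_000, "claimed_balance": 43_000_000_000}
    try:
        server.buy_in_enforced("player_a", table, forged)
    except BuyInError as exc:
        print("rejected:", exc)
```
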

Great to hear. I’m satisfied with the response and priority you are giving it 👍.

4 Likes

All great replies. Just one main problem. RP staff says their accounts have been banned, but that is EASILY gotten around: using a new email and new name gets you in like flint. What RP needs to do is register the banned user’s IP address. That can be gotten around also, but much more difficult and would involve a separate computer system and server…

Might help if you read some of the Replay posts above.

3 Likes